
Problems reappearing

4 replies to this topic

#1 DottieR

DottieR

  • Members
  • 278 posts
  • ONLINE
  •  
  • Local time:08:38 AM

Posted Yesterday, 11:40 AM

I opened an email from a company I do business with. It contained a file which I could not open, but which scanned OK with 360TS. A bit later someone posted not to open it; it was a phishing attempt. One of those things that does the damage just by opening the email, I guess.

 

I ran MBAM and found 3 trojans and a PUP. Hitman Pro then showed nothing. Ran CCleaner, just removed all my cookies.

 

This morning when I booted up MBAM gave me this. What do I do now?

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/21/18
Scan Time: 7:05 AM
Log File: 1d464820-755c-11e8-86f3-00219b3dbf15.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5568
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 184741
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 16 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Generic.Malware/Suspicious, C:\USERS\DOROTHY\APPDATA\LOCAL\TEMP\RH7RMBRV.EXE.PART, Quarantined, [0], [392686],1.0.5568
Generic.Malware/Suspicious, C:\USERS\DOROTHY\APPDATA\LOCAL\TEMP\YV+1CWKQ.EXE.PART, Quarantined, [0], [392686],1.0.5568

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:38 AM

Posted Yesterday, 12:42 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
I can check further, please run this program.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.

#3 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • ONLINE
  •  
  • Local time:08:38 AM

Posted Yesterday, 03:51 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.06.2018
Ran by Dorothy (administrator) on DOROTHY-PC (21-06-2018 13:48:33)
Running from C:\Users\Dorothy\Desktop
Loaded Profiles: Dorothy (Available Profiles: Dorothy)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(f.lux Software LLC) C:\Users\Dorothy\AppData\Local\FluxSoftware\Flux\flux.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [2218080 2018-04-16] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-4144204480-2940629699-3375271912-1000\...\Run: [f.lux] => C:\Users\Dorothy\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Shortcut.lnk [2017-03-01]
ShortcutTarget: firefox - Shortcut.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D400FCE5-42DC-4A42-AD6A-677437B158A6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4144204480-2940629699-3375271912-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4144204480-2940629699-3375271912-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.google.com/mail/u/0/#inbox
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4144204480-2940629699-3375271912-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2018-04-17] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Dorothy\AppData\Roaming\Mozilla\Firefox\Profiles\rld7p8i9.default-1478690364297 [2018-06-21]
FF Homepage: Mozilla\Firefox\Profiles\rld7p8i9.default-1478690364297 -> hxxps://mail.google.com/mail/u/0/#inbox
FF NewTab: Mozilla\Firefox\Profiles\rld7p8i9.default-1478690364297 -> about:newtab
FF Extension: (Privacy Badger) - C:\Users\Dorothy\AppData\Roaming\Mozilla\Firefox\Profiles\rld7p8i9.default-1478690364297\Extensions\jid1-MnnxcxisBPnSXQ-eff@jetpack.xpi [2018-05-10]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Dorothy\AppData\Roaming\Mozilla\Firefox\Profiles\rld7p8i9.default-1478690364297\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-05-28]
FF Extension: (360 Internet Protection) - C:\Users\Dorothy\AppData\Roaming\Mozilla\Firefox\Profiles\rld7p8i9.default-1478690364297\Extensions\WebProtection@360safe.com [2017-02-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4144204480-2940629699-3375271912-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dorothy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-21] (Citrix Online)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [114648 2018-06-19] (SurfRight B.V.)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [258104 2016-10-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [931424 2018-04-16] (QIHU 360 SOFTWARE CO. LIMITED)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [158328 2017-12-01] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [74472 2018-04-16] (360.cn)
R1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [214464 2018-04-16] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera.sys [43456 2017-05-17] (360.cn)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [79992 2018-01-12] (360.cn)
R1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [192704 2017-05-17] (360安全中心)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [198776 2017-12-01] (360.cn)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872192 2009-12-01] (C-Media Inc) [File not signed]
S3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [29400 2016-01-05] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [22192 2016-01-05] (Dell Computer Corporation)
R2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
S3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2013-02-20] (Intel Corporation)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [40880 2017-12-01] (360.cn)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128736 2018-05-24] (Malwarebytes)
R0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [73664 2017-05-17] (360安全中心)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-04-23] (REALiX™)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165088 2018-06-19] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [93920 2018-06-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40160 2018-06-21] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-06-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73848 2018-06-21] (Malwarebytes)
S3 MEI; C:\Windows\system32\drivers\HECI.sys [45056 2007-05-11] (Intel Corporation)
R3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [44496 2016-09-02] (Intel Corporation )
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [330744 2017-12-01] (360.cn)
R1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [70720 2017-05-17] (360.cn)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45144 2018-05-18] (Synaptics Incorporated)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed]
S3 catchme; \??\C:\Users\Dorothy\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-21 13:47 - 2018-06-21 13:48 - 000026468 _____ C:\Users\Dorothy\Desktop\Addition.txt
2018-06-21 13:45 - 2018-06-21 13:48 - 000009571 _____ C:\Users\Dorothy\Desktop\FRST.txt
2018-06-21 13:45 - 2018-06-21 13:48 - 000000000 ____D C:\FRST
2018-06-21 13:45 - 2018-06-21 13:45 - 001773056 _____ (Farbar) C:\Users\Dorothy\Desktop\FRST.exe
2018-06-21 10:13 - 2018-06-21 10:13 - 000119376 _____ C:\Users\Dorothy\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-21 07:24 - 2018-06-21 07:24 - 000001445 _____ C:\Users\Dorothy\Desktop\MBM 6-21.txt
2018-06-20 15:28 - 2018-06-21 13:43 - 000073848 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-20 10:18 - 2018-06-20 10:18 - 000197456 _____ C:\Users\Dorothy\Desktop\Scale Flowers Instructions.pdf
2018-06-19 11:58 - 2018-06-19 12:09 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-19 11:58 - 2018-06-19 11:58 - 000000000 ____D C:\Program Files\HitmanPro
2018-06-19 07:43 - 2018-06-19 07:44 - 000000000 ____D C:\Program Files\CCleaner
2018-06-19 07:43 - 2018-06-19 07:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-06-19 07:41 - 2018-06-19 07:45 - 000000000 ____D C:\Program Files\Google
2018-06-19 07:41 - 2018-06-19 07:44 - 000000000 ____D C:\Users\Dorothy\AppData\Local\Google
2018-06-19 07:40 - 2018-06-21 09:11 - 000093920 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-19 07:40 - 2018-06-21 09:11 - 000040160 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-19 07:40 - 2018-06-19 07:40 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-19 07:40 - 2018-06-19 07:40 - 000165088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-19 07:39 - 2018-06-19 07:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-19 07:39 - 2018-06-19 07:39 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-19 07:39 - 2018-05-24 06:55 - 000128736 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-06-16 15:12 - 2018-06-16 15:12 - 000101427 _____ C:\Users\Dorothy\Desktop\#223 07 2018 rent billing.pdf
2018-06-13 06:44 - 2018-05-29 12:40 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-13 06:44 - 2018-05-28 19:32 - 004050624 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-06-13 06:44 - 2018-05-28 19:32 - 003962048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-13 06:44 - 2018-05-28 19:32 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-06-13 06:44 - 2018-05-28 19:32 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-06-13 06:44 - 2018-05-28 19:32 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-06-13 06:44 - 2018-05-28 19:32 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-06-13 06:44 - 2018-05-28 19:32 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-06-13 06:44 - 2018-05-28 19:25 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-06-13 06:44 - 2018-05-28 19:22 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-06-13 06:44 - 2018-05-28 19:03 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-06-13 06:44 - 2018-05-28 19:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-06-13 06:44 - 2018-05-28 19:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-06-13 06:44 - 2018-05-28 19:03 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-06-13 06:44 - 2018-05-28 19:03 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-06-13 06:44 - 2018-05-28 19:01 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-06-13 06:44 - 2018-05-28 19:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-06-13 06:44 - 2018-05-28 18:59 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-06-13 06:44 - 2018-05-28 18:59 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-06-13 06:44 - 2018-05-28 18:59 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-06-13 06:44 - 2018-05-28 18:58 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-06-13 06:44 - 2018-05-28 18:58 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-06-13 06:44 - 2018-05-28 18:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-06-13 06:44 - 2018-05-28 18:58 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-06-13 06:44 - 2018-05-28 17:04 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-06-13 06:44 - 2018-05-24 21:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-13 06:44 - 2018-05-24 21:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-06-13 06:44 - 2018-05-24 21:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-06-13 06:44 - 2018-05-24 21:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-13 06:44 - 2018-05-24 21:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-06-13 06:44 - 2018-05-24 21:15 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-06-13 06:44 - 2018-05-24 21:15 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-06-13 06:44 - 2018-05-24 21:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-06-13 06:44 - 2018-05-24 21:12 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-06-13 06:44 - 2018-05-24 21:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-06-13 06:44 - 2018-05-24 21:08 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-06-13 06:44 - 2018-05-24 21:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-06-13 06:44 - 2018-05-24 21:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-13 06:44 - 2018-05-24 21:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-06-13 06:44 - 2018-05-24 21:05 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-06-13 06:44 - 2018-05-24 21:05 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-06-13 06:44 - 2018-05-24 20:59 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-06-13 06:44 - 2018-05-24 20:57 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-06-13 06:44 - 2018-05-24 20:52 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-06-13 06:44 - 2018-05-24 20:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-06-13 06:44 - 2018-05-24 20:51 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-06-13 06:44 - 2018-05-24 20:49 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-06-13 06:44 - 2018-05-24 20:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-06-13 06:44 - 2018-05-24 20:47 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-06-13 06:44 - 2018-05-24 20:45 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-06-13 06:44 - 2018-05-24 20:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-13 06:44 - 2018-05-24 20:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-06-13 06:44 - 2018-05-24 20:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-13 06:44 - 2018-05-24 20:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-13 06:44 - 2018-05-24 20:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-13 06:44 - 2018-05-24 20:38 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-13 06:44 - 2018-05-24 20:37 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-06-13 06:44 - 2018-05-24 20:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-13 06:44 - 2018-05-24 20:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-13 06:44 - 2018-05-24 20:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-13 06:44 - 2018-05-14 20:44 - 001214656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-13 06:44 - 2018-05-14 20:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-06-13 06:44 - 2018-05-14 20:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-13 06:44 - 2018-05-14 20:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-13 06:44 - 2018-05-14 20:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-06-13 06:44 - 2018-05-14 20:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-06-13 06:44 - 2018-05-14 20:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-06-13 06:44 - 2018-05-14 18:09 - 000410080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-13 06:44 - 2018-05-14 18:09 - 000374872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-13 06:44 - 2018-05-11 18:56 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-06-13 06:44 - 2018-05-11 18:56 - 000025984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-13 06:44 - 2018-05-11 18:56 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-06-13 06:44 - 2018-05-10 17:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-13 06:44 - 2018-05-10 17:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-06-13 06:44 - 2018-05-10 17:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-06-13 06:44 - 2018-04-06 09:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-06-05 10:24 - 2018-06-05 10:24 - 000006012 _____ C:\Users\Dorothy\Desktop\Maille Pics 30 - Shortcut.lnk
2018-06-03 21:27 - 2018-06-03 21:27 - 000000000 ____D C:\Users\Dorothy\Desktop\Originals

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-21 13:48 - 2016-07-21 21:51 - 000000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4144204480-2940629699-3375271912-1000.job
2018-06-21 13:41 - 2016-07-21 21:51 - 000000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4144204480-2940629699-3375271912-1000.job
2018-06-21 10:13 - 2018-01-29 07:50 - 000000000 ____D C:\Users\Dorothy\AppData\Roaming\360DrvMgr
2018-06-21 10:01 - 2016-11-20 08:13 - 000000000 ____D C:\Users\Dorothy\AppData\LocalLow\Mozilla
2018-06-21 09:59 - 2017-02-17 11:21 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-06-21 09:58 - 2017-01-23 10:48 - 000000000 ____D C:\$360Section
2018-06-21 09:58 - 2017-01-23 10:44 - 000000000 ____D C:\ProgramData\360Quarant
2018-06-21 09:22 - 2017-01-23 09:54 - 000000000 ____D C:\Users\Dorothy\AppData\LocalLow\360WD
2018-06-21 09:18 - 2009-07-13 21:34 - 000021632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-21 09:18 - 2009-07-13 21:34 - 000021632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-21 09:10 - 2009-07-13 21:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-19 11:55 - 2017-07-07 12:14 - 000000000 ____D C:\AdwCleaner
2018-06-19 11:55 - 2017-04-23 14:29 - 000000000 ____D C:\Users\Dorothy\AppData\Roaming\IObit
2018-06-19 10:35 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\inf
2018-06-19 08:03 - 2016-06-13 12:00 - 000000000 ____D C:\Users\Dorothy\AppData\Roaming\PhotoScape
2018-06-19 08:02 - 2016-06-30 16:25 - 000000000 ____D C:\Users\Dorothy\AppData\Local\CrashDumps
2018-06-19 07:39 - 2016-06-23 14:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-18 16:04 - 2017-01-23 09:54 - 000000000 _RSHD C:\360SANDBOX
2018-06-16 12:39 - 2017-01-23 09:54 - 000000000 ____D C:\Users\Dorothy\AppData\Roaming\360safe
2018-06-14 06:54 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\rescache
2018-06-13 09:31 - 2010-11-20 14:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-13 07:27 - 2014-08-01 08:35 - 000000000 ____D C:\Windows\system32\MRT
2018-06-13 07:24 - 2017-10-11 06:58 - 130354992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-13 07:24 - 2014-08-01 08:35 - 130354992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-11 19:36 - 2016-06-11 12:33 - 000000000 ____D C:\Users\Dorothy
2018-06-11 09:32 - 2016-06-15 07:34 - 000000000 ____D C:\Users\Dorothy\AppData\Roaming\SynciOS Data Transfer
2018-06-10 15:50 - 2017-07-09 07:53 - 000000000 ____D C:\Users\Dorothy\AppData\Local\GoToMeeting
2018-06-07 19:47 - 2016-06-11 15:52 - 000000000 ____D C:\Users\Dorothy\Documents\chain maille
2018-06-07 06:57 - 2017-07-10 10:22 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-06-07 06:57 - 2017-07-10 10:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-05 19:29 - 2016-06-30 16:33 - 000000000 ____D C:\SOLFIRE5
2018-06-05 19:29 - 2016-06-11 15:16 - 000004057 _____ C:\Windows\solfire5.ini
2018-06-03 21:18 - 2016-06-11 15:52 - 000000000 ____D C:\Users\Dorothy\Documents\Camera
2018-06-03 09:51 - 2016-06-11 15:46 - 000000000 ____D C:\Users\Dorothy\Documents\Recipies
2018-06-01 16:43 - 2016-06-11 15:37 - 000000000 ____D C:\Users\Dorothy\Documents\DES
2018-06-01 11:24 - 2017-08-18 11:39 - 000000000 ____D C:\Users\Dorothy\Desktop\maille pics
2018-05-28 12:26 - 2016-06-11 15:36 - 000000000 ____D C:\Users\Dorothy\Documents\Crafts
2018-05-22 19:32 - 2018-05-18 11:19 - 000000000 ____D C:\ProgramData\ProductData
2018-05-22 19:32 - 2017-04-23 14:29 - 000000000 ____D C:\Program Files\IObit

==================== Files in the root of some directories =======

2016-06-11 15:14 - 1998-10-27 08:41 - 000029732 ____N () C:\Program Files\Acsatlas.exe
2016-06-11 15:14 - 1997-08-09 16:51 - 000108954 ____N () C:\Program Files\Acsatlas.hlp
2016-06-11 15:14 - 1999-07-15 09:57 - 003097989 _____ () C:\Program Files\Acsia.dat
2016-06-11 15:14 - 1997-03-03 04:30 - 000000042 _____ () C:\Program Files\acspa.dat
2016-06-11 15:14 - 1999-04-21 22:54 - 000124611 _____ () C:\Program Files\Acstt.dat
2016-06-11 15:14 - 1997-12-01 14:11 - 004918952 _____ () C:\Program Files\Acsua.dat
2017-03-20 20:25 - 2017-03-20 22:22 - 000008422 _____ () C:\Program Files\astrlog1.ico
2017-03-20 20:25 - 2017-03-20 22:22 - 000008422 _____ () C:\Program Files\astrlog2.ico
2017-03-20 20:25 - 2017-03-20 22:22 - 000000130 _____ () C:\Program Files\astrlog2.url
2017-03-20 20:25 - 2017-03-20 22:22 - 000008422 _____ () C:\Program Files\astrlog3.ico
2017-03-20 20:25 - 2017-03-20 22:22 - 000008422 _____ () C:\Program Files\astrlog4.ico
2017-03-20 20:26 - 2017-03-20 22:22 - 000006083 _____ () C:\Program Files\astrolog.as
2017-03-20 20:25 - 2017-03-20 22:22 - 000958464 _____ (astrolog.org) C:\Program Files\Astrolog.exe
2017-03-20 20:25 - 2017-03-20 22:22 - 000500507 _____ () C:\Program Files\astrolog.htm
2017-03-20 20:25 - 2017-03-20 22:22 - 000000121 _____ () C:\Program Files\astrolog.url
2017-03-20 20:25 - 2017-03-20 22:22 - 000047785 _____ () C:\Program Files\changes.htm
2017-03-20 20:25 - 2017-03-20 22:22 - 000020497 _____ () C:\Program Files\license.htm
2016-06-11 15:14 - 1998-10-27 08:41 - 000009045 ____N () C:\Program Files\Paconvrt.exe
2017-03-20 20:25 - 2017-03-20 22:22 - 000223002 _____ () C:\Program Files\seas_18.se1
2017-03-20 20:25 - 2017-03-20 22:22 - 001304771 _____ () C:\Program Files\semo_18.se1
2017-03-20 20:25 - 2017-03-20 22:22 - 000004691 _____ () C:\Program Files\seorbel.txt
2017-03-20 20:25 - 2017-03-20 22:22 - 000484055 _____ () C:\Program Files\sepl_18.se1
2016-06-11 15:16 - 2016-06-11 15:16 - 000000023 _____ () C:\Program Files\solfire.usr
2016-06-11 15:14 - 2016-06-11 15:14 - 000004040 _____ () C:\Program Files\UninPCAt.isu
2016-06-12 17:44 - 2017-04-23 05:26 - 000007596 _____ () C:\Users\Dorothy\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-17 10:13

==================== End of FRST.txt ============================

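The log above is the kind of FRST output nasdaq asked for, and the MBAM log in the first post shows what was quarantined. As an added example (not part of this thread, and not code from Farbar or Malwarebytes), the script below parses the two line formats exactly as they appear in the posts and flags the entries a responder reads first: drivers marked "[File not signed]", driver entries whose file is missing on disk (FRST prints "[X] <==== ATTENTION" for those, as with catchme.sys), drivers loading from a user-writable path, and quarantined ".part" files in a Temp folder (".part" is the suffix Firefox gives an in-progress download, so such a file is incomplete and cannot run on its own, though it does show what was being fetched). The sample lines are copied from the posted logs; the helper names and the "user-writable path" heuristic are this example's own assumptions.

```python
"""Triage helper for FRST driver lines and Malwarebytes 3.x scan-log detections.

Added example; it is not part of the forum thread and not code from FRST or
Malwarebytes. It only parses the text formats visible in the posted logs.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines constructed from the FRST and Malwarebytes logs posted in the thread.
SAMPLE_FRST = """\
R1 360AntiHacker; C:\\Windows\\System32\\Drivers\\360AntiHacker.sys [158328 2017-12-01] (360.cn)
S3 cmuda3; C:\\Windows\\System32\\drivers\\cmudax3.sys [1872192 2009-12-01] (C-Media Inc) [File not signed]
R2 DgiVecp; C:\\Windows\\System32\\Drivers\\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
R3 NAL; C:\\Windows\\system32\\Drivers\\iqvw32.sys [44496 2016-09-02] (Intel Corporation )
S3 catchme; \\??\\C:\\Users\\Dorothy\\AppData\\Local\\Temp\\catchme.sys [X] <==== ATTENTION
"""

SAMPLE_MBAM = """\
File: 2
Generic.Malware/Suspicious, C:\\USERS\\DOROTHY\\APPDATA\\LOCAL\\TEMP\\RH7RMBRV.EXE.PART, Quarantined, [0], [392686],1.0.5568
Generic.Malware/Suspicious, C:\\USERS\\DOROTHY\\APPDATA\\LOCAL\\TEMP\\YV+1CWKQ.EXE.PART, Quarantined, [0], [392686],1.0.5568
"""

# FRST service/driver line: "<state> <name>; <path> [<size> <date>] (<vendor>) [<flags>...]"
DRIVER_LINE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.+)$")
SIZE_DATE = re.compile(r"^(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})$")
# Heuristic (this example's assumption): profile folders an ordinary user can write to.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(AppData|Desktop|Downloads)\\", re.IGNORECASE)


@dataclass
class Driver:
    state: str
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]
    unsigned: bool   # FRST printed "[File not signed]"
    missing: bool    # FRST printed "[X]": the registered file is not on disk


def parse_driver(line: str) -> Optional[Driver]:
    """Parse one FRST Drivers/Services line; return None for lines of any other shape."""
    m = DRIVER_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").replace("<==== ATTENTION", "").strip()
    # The path runs up to the first " [" (size/date or flag) or " (" (vendor).
    path = rest.split(" [", 1)[0].split(" (", 1)[0].strip()
    flags = re.findall(r"\[([^\[\]]+)\]", rest)
    vendor_m = re.search(r"\(([^()]*)\)", rest)
    size = date = None
    for flag in flags:
        sd = SIZE_DATE.match(flag)
        if sd:
            size, date = int(sd.group("size")), sd.group("date")
    return Driver(
        state=m.group("state"),
        name=m.group("name").strip(),
        path=path,
        size=size,
        date=date,
        vendor=vendor_m.group(1).strip() if vendor_m else None,
        unsigned="File not signed" in flags,
        missing="X" in flags,
    )


def triage_drivers(frst_text: str) -> List[str]:
    """One finding per driver property that deserves a closer look; clean drivers yield nothing."""
    findings: List[str] = []
    for line in frst_text.splitlines():
        d = parse_driver(line)
        if d is None:
            continue
        if d.missing:
            findings.append(f"{d.name}: registered driver whose file is missing ({d.path})")
        if d.unsigned:
            findings.append(f"{d.name}: unsigned kernel driver {d.path} from {d.vendor or 'unknown vendor'}")
        if USER_WRITABLE.search(d.path):
            findings.append(f"{d.name}: driver path is user-writable ({d.path})")
    return findings


@dataclass
class Detection:
    category: str
    path: str
    action: str


def parse_mbam_detections(mbam_text: str) -> List[Detection]:
    """Parse detection rows of a Malwarebytes 3.x text log: "<category>, <path>, <action>, ..."."""
    out: List[Detection] = []
    for line in mbam_text.splitlines():
        parts = [p.strip() for p in line.split(",")]   # assumes no comma inside the path
        if len(parts) >= 3 and re.match(r"^[A-Za-z]:\\", parts[1]):
            out.append(Detection(category=parts[0], path=parts[1], action=parts[2]))
    return out


def partial_downloads_in_temp(detections: List[Detection]) -> List[str]:
    """Paths of quarantined items that are incomplete browser downloads (.part) under a Temp folder."""
    return [d.path for d in detections
            if d.path.lower().endswith(".part") and "\\temp\\" in d.path.lower()]


if __name__ == "__main__":
    for finding in triage_drivers(SAMPLE_FRST):
        print("FRST   ", finding)
    for path in partial_downloads_in_temp(parse_mbam_detections(SAMPLE_MBAM)):
        print("MBAM   partial download quarantined:", path)
```

Run it against a full FRST.txt by passing the file contents to `triage_drivers`; everything outside the Drivers and Services sections is ignored because it does not match the `<state> <name>;` shape. The "user-writable path" rule is deliberately noisy: a driver that loads from AppData is not malicious by itself, but it is the one entry in a list of fifty that a responder wants to explain before declaring the machine clean.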

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:38 AM

Posted Today, 06:33 AM

Hi,

All clean.

Keep safe.

#5 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • ONLINE
  •  
  • Local time:08:38 AM

Posted Today, 09:40 AM

Thank you.
